Foundation of Data Protection Professionals in India, which is the premier organisation in India dedicated to Privacy and Data Protection has come out with its latest issue of Data Protection Journal of India (www.dpji.in).
DPJI is presently a journal published on internet and its issues are available at www.dpji.in. The current issue is the 7th issue in the series. The earlier issues covered different aspects of Data Protection
In the past issues several interesting topics such as the Valuation of Data, the PDPSI framework (Now renamed as DPCSI framework), the need for compliance culture to be developed in India have been discussed.
In the current issue an important aspect of Data Protection namely the role of people have been discussed.
By focussing on the concept of “Human Firewall” a focus has been brought to the use of humans to develop a security cover to combat the risk of privacy and information security. Just as technology tools such as encryption, firewall and Intrusion detection systems are used to combat technology risks, this concept envisages that human skills have to be used for risk mitigation.
The involvement of humans as part of the security posture is important both because insider frauds constitute a large percentage of cyber risks and cannot be mitigated by policies, procedure and technology. Also even the technology or policy controls have to be implemented by the humans only and motivating them to be “Security Champions” is necessary.
This concept has been well ingrained in our earlier discussions on “Vulnerabilities in human space” and “Theory of Information Security Motivation” etc.
We had also incorporated several principles of using human resources in the unique indigenous framework for Privacy and Data Protection, namely the DPCSI (Data Protection Standard of India). In particular, we had introduced a standard titled
“Distributed Responsibility, along with implementations for Augmented HR policy which included incentivisation and dis incentivisation for motivational purpose. Further the “Augmented Whistle-blower policy” extended the concept to a “Human IDS system”.
Naavi.org has also been discussing from time to time, concepts such as the “Human Bomb”, “Deviant Minds in Workforce”, “Technology Intoxication” etc all revolving around the concept of “Mitigating human Risks” in Cyber Crime prevention.
It was therefore a pleasure to observe that Dr Anirban Ghosh, a professional working in BT group had actually worked on a research thesis on the topic of “Human Firewall” and with his permission the entire thesis has been reproduced in the July issue of the journal.
We hope that professionals interested in the field of Cyber Psychology, Human Resource Management and related topics would find the issue worth going through.
Kindly do share the copy within your organization as a part of your knowledge management.
Any queries on any of the topics are welcome.